Malformed auth header breaks logging and service

Created on 16 February 2024, 4 months ago
Updated 11 March 2024, 4 months ago

Problem/Motivation

I was working with someone to hook up a Drupal API externally and found that Rest Log was producing this error:

TypeError: Drupal\rest_log\EventSubscriber\RestLogSubscriber::maskString(): Argument #1 ($string) must be of type string, null given

Worth noting that this interrupts everything and stops the API from being reached, so it's not very easy to determine what has gone wrong unless you can see the configuration of the connecting agent. I worked through the code to figure out that, in my case, the request auth header was missing 'Bearer ' before the API key.

Steps to reproduce

Create an API that uses Bearer Token authorisation.
Connect to API without the word 'Bearer' in the auth header.

Proposed resolution

I'm not sure logging is the place to be validating headers and outputting that sort of error so I propose a bit of extra checking so that the error isn't triggered and auth header contents are still redacted. This will leave it to the API to check headers, etc.

πŸ› Bug report
Status

Fixed

Version

2.0

Component

Code

Created by

🇬🇧 United Kingdom very_random_man
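
One way to do the extra checking proposed in the report, as an added PHP example that is not the rest_log module's code or the merged fix. The function names, the mask format and the sample header values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: redact an Authorization header value for logging
 * without assuming it has the "<scheme> <credentials>" shape.
 */
function redact_authorization(?string $header, int $keep = 4): string
{
    // Header absent or empty: nothing to mask and nothing to throw about.
    if ($header === null || trim($header) === '') {
        return '';
    }
    // Split into at most two parts: scheme and credentials.
    $parts = preg_split('/\s+/', trim($header), 2);
    if (count($parts) === 2) {
        // Well-formed: keep the scheme readable, mask the credentials.
        return $parts[0] . ' ' . mask_secret($parts[1], $keep);
    }
    // Single token (e.g. a bare API key with no "Bearer " prefix): we cannot
    // tell a scheme from a secret, so the whole value is masked.
    return mask_secret($parts[0], 0);
}

/** Hypothetical helper: fixed-width mask so the log does not leak length. */
function mask_secret(string $secret, int $keep): string
{
    // Short secrets are fully masked so the visible tail never exposes
    // a large share of the value.
    if ($keep <= 0 || strlen($secret) <= $keep * 2) {
        return '********';
    }
    return '********' . substr($secret, -$keep);
}

// Constructed sample header values, not taken from the issue.
$samples = [
    'Bearer abcdef0123456789', // well-formed
    'abcdef0123456789',        // scheme missing, the case in this report
    'Bearer',                  // scheme only, no credentials
    '',
    null,
];
foreach ($samples as $sample) {
    printf("%-28s => %s\n", var_export($sample, true), redact_authorization($sample));
}
```

Logging never throws on a malformed header here, and rejecting the request is left to the API's own authentication layer.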
